Enterprise Security is a distinct and sophisticated profession requiring a unique set of competencies and
skills for success. Roles in this industry are not a subset or “spin-off” of the criminal justice system.
Nonetheless, not all academic and training programs with “security” in their title offer an education with
consistent, current, industry-aligned competencies and employability skills. This complication in education
contributes to the growing security industry skills gap.
The workforce is also aging, which leads to further shortages of qualified workers, and creates the need to
strengthen the industry’s talent pipeline. These dynamics, and the absence of industry-endorsed solutions,
contribute to large talent deficits that may weaken the security infrastructure of organizations, enterprises,
and the larger global economy.
To respond to workforce development challenges in enterprise security, the ASIS Foundation¹ engaged in
multiple research initiatives to identify the security risks that enterprises are most likely to face over the next
five years, and the specific professional competencies and skills² that are required to mitigate and respond to
those risks. The goal of these research efforts is to promote and maintain a common understanding of the
skill sets and competencies that are essential to educate and train a globally competitive security workforce.
Establishing consensus on which security competencies are needed across industries and subsectors of the
security industry can help to close skills gaps by defining clearer career pathways for tomorrow’s
professionals.
National Roundtable: In June 2013 the ASIS Foundation convened a national roundtable of senior
leaders from the security industry, higher education, and government to identify the top security
risks and challenges that the industry will face in the next five years, and the key competencies that
security practitioners will require to manage the risks and challenges effectively. The roundtable
findings were published in Enterprise Security Risks and Workforce Competencies, a report released
by the ASIS Foundation and University of Phoenix in fall 2013.³
National Survey: The ASIS Foundation conducted a national survey of security industry
professionals in fall 2013 to validate the roundtable findings with quantitative data to help verify and
1 The ASIS Foundation/University of Phoenix skills gap research, analysis, and collaboration has now led to the application of the
U.S. Department of Labor Competency Model Clearinghouse resources, models, and guidance.
2 A competency is the capability to apply or use a set of related knowledge, skills, and abilities required to successfully perform
“critical work functions” or tasks in a defined work setting.
3 University of Phoenix / ASIS Foundation “Enterprise Security Risks and Workforce Competencies – Findings From An Industry
Roundtable on Security Talent Development” September 2013,
http://cdn.assets-phoenix.net/content/dam/altcloud/doc/industry/UOPX-ASISFoundationSecurityRisksandCompetenciesReport.pdf
The Enterprise Security competency research is formatted into a new Enterprise Security Competency
Model, using a framework provided by the U.S. Department of Labor’s Employment and Training
Administration.⁴
This Enterprise Security Competency Model is designed to encompass the broad baseline skills and
competencies needed for the entire industry, not just an industry segment or occupation.⁵ The model is
intended to reflect the competencies needed for entry-level security professionals and also to serve as
a career development tool to help ensure that security practitioners possess foundational competencies
that are required as prerequisites for additional education or training that enables them to advance in
their careers. The model also serves as a resource to identify the training and education needed to
upgrade incumbent workers’ skills to adapt to new technologies, emerging industry dynamics, and new
work processes.⁶
A competency model is a collection of competencies that together define successful performance in a
particular work setting. Competency models are the foundation for important human resource functions
such as recruitment and hiring, training and development, and performance management.
Model Publication
The ASIS Foundation, ASIS International, the CSO Roundtable and the Apollo Education Group are
working to validate the Enterprise Security Model with subject matter experts, corporations and other
stakeholders. The CSO Roundtable Leadership and Development Committee helped design the validation
process and steps necessary to publish the Enterprise Security Competency Model in.
Following the publication of the model, the ASIS Foundation will ensure that it will be reviewed to adjust to
the changing dynamics of the global security industry. The ASIS Foundation will partner with multiple
industry stakeholders to disseminate the model, creating resources and tools to enable security professionals,
private organizations, government entities and training and educational institutions to understand and apply
the model to their respective workforce development priorities.
4 The Enterprise Security Competency Model was written by University of Phoenix & Apollo Education Group and validated in
partnership with ASIS International, the ASIS Foundation & the CSO Roundtable.
5 It should be noted, however, that this competency model does not encompass allied professionals in IT-related security fields. IT
professionals represent a segment of the security industry that requires a specialized set of competency requirements.
6 The Enterprise Security Competency Model will be vetted by security industry professionals, security industry associations,
industry leaders and subject matter experts, education leaders and governmental entities in the United States and throughout the
world. The model will depict the consensus among these global stakeholders for the competencies and skills required for success in
the enterprise security industry.
Foundational Competencies
Competency – A cluster of related knowledge, skills, and abilities that affects a major part of one’s job
(a role or responsibility), that correlates with performance on the job, that can be measured against
well-accepted standards, and that can be improved through training, development, and experience.
At the base of the model, Tiers 1 through 3 represent competencies that provide the foundation for
success in school and in the world of work. Foundational competencies are essential to a large number of
occupations and industries. Employers have identified a link between foundational competencies and job
performance and have also discovered that foundational competencies are a prerequisite for workers to
learn industry-specific skills.
The Foundational Competency Level is organized into three competency tiers representing the
“soft-skills” and work readiness skills that most employers demand:
7 See “Introduction to the Tools,”
http://www.careeronestop.org/competencymodel/careerpathway/cpwoverview.aspx.
8 See “Competency Model General Instructions,”
http://www.careeronestop.org/competencymodel/careerpathway/CPWGenInstructions.aspx.
9 Ibid.
Industry-Related Competencies
The competencies shown in Tiers 4 and 5 are referred to as Industry-Related Competencies and are
specific to an industry or industry sector. Industry-wide technical competencies cut across industry
subsectors, making it possible to create career lattices where a worker can move easily across
industry subsectors. Rather than narrowly following a single occupational career ladder, this model
supports the development of an agile workforce.
Tier 4 – Industry-Wide Technical Competencies cover the knowledge, skills, and abilities
from which workers across the industry can benefit, regardless of the sector in which they
operate. These competencies are considered cross-cutting, as they allow a worker to move
easily across industry sub-sectors. Because of this mobility, many of the critical work
functions on this tier deal with awareness or understanding, rather than performing specific
job tasks.
Upper Tiers
The competencies on Tiers 6, 7, 8, and 9 are referred to as Occupation Competencies and are
developed to define performance in a workplace, to design competency-based curriculum, or to
articulate the requirements for an occupational credential such as a license or certification. (It is
important to note that the U.S. DOL emphasizes that the usefulness of the competency model
framework is to serve broad industry competency requirements. Accordingly, these top-tier levels of
Occupation Competencies are typically not completed on the models available on the U.S. DOL
Competency Model Clearinghouse website. The DOL and this model will reference other resources
that are available to support profession-specific competency mapping.)
1. Interpersonal Skills and Teamwork - Displaying skills to work with others from diverse backgrounds.
Demonstrating concern for others
- Show sincere interest in others and their concerns
- Demonstrate sensitivity to the needs and feelings of others
- Look for ways to help others and deliver assistance
Demonstrating insight into behavior
- Recognize and accurately interpret the verbal and nonverbal behavior of others
- Show insight into the actions and motives of others
- Recognize when relationships with others are strained
Maintaining open communication
- Maintain open lines of communication with others
- Encourage others to share problems and successes
- Establish a high degree of trust and credibility with others
Respecting diversity
- Demonstrate sensitivity and respect for the opinions, perspectives, customs, and individual differences of others
- Value diversity of people and ideas
- Deal with a wide range of people with flexibility and open-mindedness
- Listen to and consider others’ viewpoints
- Work well and develop effective relationships with diverse personalities
7. Lifelong Learning: Displaying a willingness to learn and apply new knowledge and skills.
Demonstrating an interest in learning
- Demonstrate an interest in personal learning and development
- Seek feedback from multiple sources about how to improve, develop, and modify behavior based on feedback and/or self-analysis of past mistakes
- Use newly learned knowledge and skills to complete specific tasks
Participating in training
- Take steps to develop and maintain the knowledge, skills, and expertise necessary to perform one’s role successfully
- Participate fully in relevant training and professional development programs
- Broaden knowledge and skills through technical expositions, seminars, professional groups, reading publications, job shadowing, certification and continuing education
Anticipating changes in work
- Anticipate changes in work demands and search for and participate in assignments or training that address these changing demands
- Treat unexpected circumstances as opportunities to learn
Identifying career interests
- Take charge of personal career development by identifying occupational interests, strengths, options, and opportunities
- Make insightful career planning decisions based on integration and consideration of others’ feedback, and seek out additional training to pursue career goals
1. Security Fundamentals - Understands and can apply basic security principles to the security of the enterprise or a specific structure, system or process.
- Plan, organize, direct and manage the organization’s security program to avoid/control losses and apply the process to provide a secure work environment.
- Develop, manage, or conduct threat/vulnerability analyses to determine the probable frequency and severity of natural and man-made disasters, criminal activity, counterproductive and risk behaviors and risk categories on the organization’s profitability, function, safety, and/or ability to deliver products/services.
- Evaluate methods to improve security and loss prevention and information loss prevention systems on a continuous basis through auditing, review and assessment.
- Develop and present employee security awareness programs to achieve organizational goals and objectives.
- Conduct pre-employment background screening for the unit, organization, operation or enterprise.
3. Critical and Analytical Thinking - Using logic, reasoning, and analysis to address problems.
Reasoning
- Possess sufficient logic, inductive, and deductive reasoning ability to perform job successfully
- Critically review, analyze, synthesize, compare, and interpret information
- Draw conclusions from relevant and/or missing information
- Understand the principles underlying the relationship among facts and apply this understanding when solving problems
- Be able to differentiate between fact and opinion
4. Communication - Giving full attention to what others are saying, and communicating in English well enough to be understood by others.
Listening
- Receive, attend to, interpret, understand, and respond to verbal messages and other cues
- Pick out important information in communications
- Understand complex instructions
- Acknowledge feelings and concerns of communications
Communication
- Express relevant information appropriately to individuals or groups taking into account the audience and the nature of the information (e.g., technical or controversial)
- Communicate clearly and confidently
- Communicate using common English conventions including proper grammar, tone, and pace
- Track listener responses and react appropriately to those responses
- When possible, effectively use eye contact and non-verbal expression
Two-way communication
- Practice meaningful two-way communication (i.e., communicate clearly, pay close attention and seek to understand others, and clarify information)
- Be able to demonstrate good listening by summarizing or repeating communication back to other speakers
- As appropriate, effectively use eye contact, posture, and other nonverbal cues
- Be able to effectively answer questions of others or communicate an inability to do so and suggest other sources of answers
Persuasion/influence
- Persuasively present thoughts and ideas
- Gain commitment and ensure support for proposed ideas
Resolving conflicts
- Bring others together to reconcile differences
- Handle conflicts maturely by exercising “give and take” to achieve positive results for all parties
- Reach formal or informal agreements that promote mutual goals and interests, and obtain commitment to those agreements from individuals or groups
4. Problem Solving and Decision Making - Applying critical-thinking skills to solve problems by generating, evaluating, and implementing solutions.
Identifying the Problem
- Anticipate or recognize the existence of a problem
- Identify the true nature of the problem by analyzing its component parts
- Evaluate the importance of the problem
- Use all available reference systems to locate and obtain information relevant to the problem
- Recall previously learned information that is relevant to the problem
- Document the problem and any corrective actions already taken and their outcomes
Locating, gathering, and organizing relevant information
- Effectively use both internal resources (e.g., internal computer networks, manuals, policy or procedure guidelines) and external resources (e.g., internet search engines) to locate and gather information relevant to the problem
- Examine information obtained for rigor, relevance, and completeness
- Recognize important gaps in existing information and take steps to eliminate those gaps
- Organize/reorganize information as appropriate to gain a better understanding of the problem
- Refer the problem to appropriate personnel when necessary
Generating alternatives
- Integrate previously learned and externally obtained information to generate a variety of high-quality alternative approaches to the problem
- Use logic and analysis to identify the strengths and weaknesses, the costs and benefits, and the short- and long-term consequences of different approaches
Choosing a solution
- Choose the best solution after contemplating available approaches to the problem, environmental factors, and conducting cost/benefit analyses
- Make difficult decisions even in highly ambiguous or ill-defined situations
Implementing the solution
- Commit to a solution in a timely manner, and develop a realistic approach for
5. Working with Tools and Technology - Selecting, using, and maintaining tools and technology to facilitate work activity.
Selection and Application
- Identify, evaluate, select, and apply hardware or software tools or technological solutions appropriate to the task at hand (e.g., use statistical tools to show reliability of data)
- Identify potential hazards or risks related to the use of tools and equipment
- Present and obtain approval from decision-makers for acquiring tools and solutions
- Negotiate with and manage relationships with vendors of tools and technologies
- Operate tools and equipment in accordance with established operating procedures and safety standards
- Document tools and technologies and how they are used in the organization
Keeping Current
- Seek out and continue learning about new and emerging tools, technologies, and methodologies that may assist in streamlining work and improving productivity
- Take charge of your own personal and professional growth
2. Compliance & Legal Aspects - Develop and maintain security policies, procedures and practices that comply with relevant elements of criminal, civil, administrative and regulatory law to minimize adverse legal consequences.
- Provide coordination, assistance, and evidence such as documentation and testimony to support actual or potential proceedings
- Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers and establish effective monitoring processes to ensure that organizational needs and contractual requirements are being met
- Develop and maintain security policies, procedures, and practices that comply with relevant laws regarding investigations, personnel security, information security and other areas
3. Personnel Security & Business Continuity - Develop, implement and manage systems and security practices that protect people and practices to ensure enterprise continuity and risk resilience.
- Develop, implement and manage background investigations to validate individuals for hiring, promotion or retention
- Develop, implement, manage, and evaluate policies, procedures, and programs, and methods to protect individuals in the workplace against harassment, threats and
4. Physical Security - Measures that are designed to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm, involving the use of multiple layers of interdependent systems and techniques.
- Survey facilities in order to manage and/or evaluate the current status of physical security, emergency and/or restoration capabilities
- Select, implement and manage security processes to reduce the risk of loss
- Assess the effectiveness of security measures by testing and monitoring
- Identify assets to determine their value, loss impact and criticality
- Assess the nature of threats so that scope of the problem can be determined
- Conduct a physical security survey in order to identify the vulnerability of the organization
- Perform risk analysis so that appropriate countermeasures can be developed
- Establish security system requirements and performance specifications
- Apply physical security measures and select appropriate system components
- Develop and conduct system design and pre-implementation plans
- Outline criteria for pre-bid meeting to ensure comprehensiveness of implementation
- Procure physical security measures, implement recommended quality assurance plan(s)
- Conduct commissioning acceptance testing, and delivery of the physical security measure
6. Crisis Management - The process by which an enterprise deals with a critical incident or major event that threatens to harm the organization, its property, assets, systems, continuity and/or people.
- Assess and prioritize risks to mitigate potential consequences of incidents.
- Prepare and plan how the organization will respond to incidents.
- Respond to and manage an incident.
- Recover from incidents by managing the recovery and resumption of operations.
8. Case Management - A system to manage, analyze, report and present findings from investigations for internal enterprise stakeholders and external systems.
- Analyze case for applicable ethical conflicts
- Analyze and assess case elements and strategies
- Determine need and develop strategy by reviewing procedural options
- Prepare reports to substantiate investigative findings
- Prepare and present business case, testimony or other case presentation by reviewing case files, meeting with stakeholders and presenting relevant facts.
9. Globalization & Cultural Awareness - Integrating cultures and global dynamics into
NOTE: The ‘Industry-Sector Functional Areas’ tier corresponds to workforce roles in a large
number of industries, and is meant to represent roles frequently aligned with the indicated specialty
area. Please note that specialty areas reflect work that is highly specialized in diverse industries. At
times these roles may be assigned to a specific role or co-mingled with multiple enterprise security
responsibilities in the industry it serves.
Many competency models published with the U.S. Department of Labor do not populate the 4th
Tier. The research, industry validation and guidance received by the Executive Steering Committee
indicate distinct competencies utilized in a distinct number of industry segments. Although each
segment is outlined in this section, the research on the specific competencies utilized by each
segment will continue with the involvement of aligned ASIS International Councils and allied
organizations that offer specialized expertise in each segment herein.
1. Loss Prevention - Is a set of practices employed by retail companies and other corporate sectors
to reduce preventable losses and secure corporate systems, policies and procedures to mitigate losses
caused by deliberate or inadvertent human actions.
2. Banking and Financial Services - Is a specialized security field including retail banking,
mortgage, credit/debit cards, internet banking, commercial and consumer lending to stock
brokerages, insurance companies, and other financial institutions requiring a sophisticated
application of various regulatory agencies.
3. Engineering & Design - Is a specialized field of engineering that focuses on the security aspects
in the design of systems that need to be able to deal robustly with possible sources of disruption,
ranging from natural disasters to malicious acts.
5. Hospitality & Entertainment - Security specialists operate in the hospitality, hotel, lodging,
entertainment, event and gaming sectors, applying risk and personnel management, budgeting and finance,
and a host of other areas in this specialized security segment.
6. Healthcare - Security in the healthcare industry involves a work environment oriented toward
patient protection and service, and may also include safety and community emergency management,
supply chain security, pharmaceutical security and other areas of specialization.
8. Services Sales, Equipment - Is a specialized area of security-related products and services
resulting from emerging threats and evolving high technology.
10. Utilities - Utilities refers to the security operations within telecommunications, water, electric,
and nuclear power plants and related private corporations. Even though sources of power differ,
there are common facilities to all utility operations.
ASIS International and the Institute of Finance & Management (IOFM), The United States Security
Industry: Size and Scope, Insights, Trends, and Data, 2013.
University of Phoenix / ASIS Foundation “Enterprise Security Risks and Workforce Competencies –
Findings From An Industry Roundtable on Security Talent Development” September 2013.
http://cdn.assets-phoenix.net/content/dam/altcloud/doc/industry/UOPX-ASISFoundationSecurityRisksandCompetenciesReport.pdf
University of Phoenix / ASIS Foundation “Security Industry Survey of Risks and Professional
Competencies” August, 2014.
http://cdn.assets-phoenix.net/content/dam/altcloud/doc/industry/ASIS-Security-report-WEB.pdf
University of Phoenix / ASIS Foundation “Cybersecurity Workforce Competencies: Preparing
Tomorrow’s Risk-Ready Professionals” September, 2014.
http://cdn.assets-phoenix.net/content/dam/altcloud/doc/industry/cybersecurity-report.pdf
Security Executive Council, Corporate Governance and Compliance Hotline Benchmark Report, 2007
ASIS International Board Certification, Certified Protection Professional (CPP) (2014)
ASIS International Board Certification, Professional Certified Investigator (PCI) (2014)
ASIS International Board Certification, Physical Security Professional (PSP) (2014)
Scope and Emerging Trends, ASIS Foundation Security Report. ASIS Foundation, Justice & Safety
Center, Eastern Kentucky University and the National Institute of Justice (2005)
Trends in Proprietary Information Loss, Survey Report, ASIS Foundation, National Counterintelligence
Executive, ASIS Information Asset Protection Council (2007)
ASIS Foundation CRISP Report (Connecting Research in Security to Practice): Lost Laptops = Loss
Data Measuring Costs, Managing Threats, by Glen Kitteringham, CPP, (2008)
ASIS Foundation CRISP Report (Connecting Research in Security to Practice): Situational Crime
Prevention and Supply Chain Security, Theory For Best Practice, Harland Haelterman, PhD, (2013)
ASIS Foundation CRISP Report (Connecting Research in Security to Practice): Tackling the Insider
Threat, Nick Catrantzos, CPP (2010)
Business Continuity Guidelines, A Practical Approach for Emergency Preparedness, Crisis Management,
and Disaster Recovery, ASIS International (2005)
Business Continuity Management Systems: Requirement with Guidance for Use, ASIS
International/BSI BCM.01-2010, American National Standard. ASIS International.
General Security Risk Assessment Guideline, ASIS International (2006)
Chief Security Officer (CSO) Organizational Standard, ASIS CSO1.-2008, American National Standard.
ASIS International.
Requirements with Guidance for Use, ASIS SPC 1-2009, American National Standard. ASIS
International
Pre-employment Background Screening, ASIS GDL PBS 2009, Guideline, ASIS International.
2013 O*NET Summary Reports for category: Security Management Specialists 13-1199.02,
http://www.onetonline.org/link/summary/13-1199.02;
2013 O*NET Summary Reports for category: Gaming Surveillance Officers and Gaming Investigators
33-9031.00, http://www.onetonline.org/link/summary/33-9031.00;
2013 O*NET Summary Reports for category: Loss Prevention Managers 11-9199.08,
http://www.onetonline.org/link/summary/11-9199.08;
2013 O*NET Summary Reports for category: Private Detectives and Investigators 33-9021.00,
http://www.onetonline.org/link/summary/33-9021.00;
2013 O*NET Summary Reports for category: Occupational Health and Safety Specialists 29-9011.00,
http://www.onetonline.org/link/summary/29-9011.00
2013 O*NET Summary Reports for category: Occupational Health and Safety Technicians 29-9012.00,
http://www.onetonline.org/link/summary/29-9012.00;
2013 O*NET Summary Reports for category: Business Continuity Planners 13-1199.04,
http://www.onetonline.org/link/summary/13-1199.04;
2013 O*NET Summary Reports for category: Risk Management Specialists 13-2099.02,
http://www.onetonline.org/link/summary/13-2099.02;
2013 O*NET Summary Reports for category: Emergency Management Directors 11-9161.00,
http://www.onetonline.org/link/summary/11-9161.00;
2013 O*NET Summary Reports for category: Industrial Safety and Health Engineers 17-2111.01,
http://www.onetonline.org/link/summary/17-2111.01;
2013 O*NET Summary Reports for category: Supply Chain Managers 11-9199.04,
http://www.onetonline.org/link/summary/11-9199.04;
Certified Lodging Security Director (CLSD) American Hotel & Lodging Educational Institute
Certified Financial Services Security Professional (CFSSP), American Bankers Association (ABA)
Basic Certification for the Healthcare Security Officer – IAHSS (International Association for
Healthcare Security and Safety).
Certified Healthcare Protection Administrator for the Healthcare Security Manager/Director – IAHSS
Certified Fraud Examiner (CFE) offered by the Association of Certified Fraud Examiners.
Certified Information Systems Security Professional (CISSP) offered by the International Information
Systems Security Certification Consortium (ISC)2.
Certified Lodging Security Supervisor (CLSS) and Certified Lodging Security Director (CLSD) offered
by the Educational Institute of the American Hotel and Lodging Association (AH&LA)
Industrial Security Professional (ISP) offered by the National Classification Management Society
(NCMS).